PRB: SQL Service Manager Shows Indeterminate for Non-Admin User

ID: Q171862

The information in this article applies to:

Microsoft SQL Server version 6.5

SYMPTOMS

If a user is logged on to a Windows NT Server 4.0 computer running Microsoft SQL Server and the user is not logged on as an administrator, SQL Service Manager will show 'Service State Indeterminate' and not list any services. SQL Enterprise Manager and Control Panel Services will still show the current status of the MSSQLServer, SQLExecutive, and MSDTC services for a user who is not logged on as an administrator.

CAUSE

SQL Service Manager tries to read the registry for a list of services that it controls, using the machine name. It also uses the permissions of the user who is logged on to Windows NT. If the user who logged on to Windows NT is not an administrator, SQL Service Manager is not able to read the HKEY_LOCAL_MACHINE key on the <machine name>\SOFTWARE\Microsoft\MSSQLServer folder in the registry.

There is a new functionality in Windows NT 4.0 that provides a system administrator with the ability to secure remote registry access. The security on the following registry key dictates which users or groups can access the registry remotely:


   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers
   \Winreg

In a default installation of Windows NT Workstation, this key does not exist. In a default installation of Windows NT Server, this key exists and grants administrators full control for remote registry operations. For more information, see the following article in the Microsoft Knowledge Base:

ARTICLE-ID: Q155363 : How To Regulate Network Access to the Windows NT Registry

WORKAROUND

The following optional subkey defines specific paths into the registry that are allowed access, regardless of the security on the winreg registry key:


   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers
   \Winreg\AllowedPaths\Machine (entry of type REG_MULTI_SZ)

The AllowedPaths registry key contains multiple strings, which represent registry entries that can be read by Everyone. This allows specific system functions (such as checking printer status) to work correctly regardless of how access is restricted by the winreg registry key.

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall SQL Server. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

By adding an additional string "SOFTWARE\Microsoft\MSSQLServer\SQL Service Manager" to the Machine value, SQL Service Manager can then display the current state of the SQL Server services for non administrator users. Any changes to the above registry entries require a restart for the changes to take effect.

Additional query words: start stop rpc redirector


Keywords          : kbenv SSrvAdmin 
Version           : 6.5
Platform          : WINDOWS 
Issue type        : kbprb

Last Reviewed: April 16, 1999